PSIRT Advisory

Kr00k vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips

Summary

During the RSA conference of February 26th 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability is referenced as CVE-2019-15126 and could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the wireless security key. 


Fortinet Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of this vulnerability. Only products listed in the Affected Products section of this advisory are potentially impacted by this vulnerability.

Impact

Information Disclosure

Affected Products

FortiAP-U version 6.0.2 and below. Meru AP version 8.5.1 and below.
Meru AP version 8.4.6 and below.

Solutions

Please upgrade to FortiAP-U version 6.0.3 or above.
Please upgrade to Meru AP version 8.5.2 or above.
Please upgrade to Meru AP version 8.4.7 or above.